
ISO/IEC 27013 PDF, May 2026

Key terms used throughout include: cloud service provider (CSP), shared responsibility, service level agreement (SLA), and incident management.

The standard stresses that a single integrated management system can satisfy both the information security requirements of ISO/IEC 27001 and the service management requirements of ISO/IEC 20000-1, rather than two parallel systems with duplicated policies, audits and reviews.

It applies to all organizations (public, private, non-profit) that intend to implement an Information Security Management System (ISMS) per ISO/IEC 27001 together with a Service Management System (SMS) per ISO/IEC 20000-1. The guidance is not limited to cloud services, but cloud service providers, which sell availability and security as part of the same offering, are a common case for combining the two.

This section explains how to align the "Context of the organization" clause (Clause 4 in both standards, which share the common high-level structure) so that scope, interested parties and their requirements are defined once. A service level agreement (SLA), for example, is a customer requirement that both the SMS and the ISMS must take into account.

ISO/IEC 27013 provides supplementary guidance for organizations implementing ISO/IEC 27001 (Information Security Management Systems, ISMS) and ISO/IEC 20000-1 (Service Management Systems, SMS) together. While each standard is effective on its own, integrating them reduces duplication, aligns security with service delivery, and makes compliance work more efficient. This paper examines the structure, key recommendations, and implementation challenges of ISO/IEC 27013. It highlights common areas of synergy (incident management, risk assessment, and continual improvement) and contrasts them with potential points of friction, such as differing terminology and scope definitions. A case study is used to illustrate the benefits of integration in a mid-sized cloud service provider. The paper concludes that ISO/IEC 27013 is an underused but valuable tool for organizations seeking certification against both standards. Recommendations include early mapping of common clauses, a unified internal audit programme, and integrated top-level management reviews.

Handling non-conformities. If a cloud service incident both breaches an SLA (a service issue) and results in customer data being exposed or exfiltrated (a security issue), the integrated system records it as one non-conformity and drives a single corrective action, rather than running separate service-management and security corrective-action processes for the same event.